Home / PCEM Guide / Risk & Contingency
PCEM Section 10

Managing Risk & Developing Contingencies

Understanding how to identify, assess, and quantify project risks to develop appropriate contingency allowances for Queensland infrastructure projects.

Risk Management Framework

Risk Management in Cost Estimating

Risk management is a fundamental component of PCEM-compliant cost estimating. The Project Cost Estimating Manual requires systematic identification, analysis, and quantification of project risks to develop appropriate contingency allowances that reflect the uncertainty inherent in infrastructure projects.

Contingency is not a discretionary buffer or a fund to cover scope changes — it represents the financial provision required to address identified risks that may impact project costs. The PCEM distinguishes between:

Base Estimate

The most likely cost assuming everything proceeds as planned with no adverse events.

Risk-Adjusted Estimate

The base estimate plus contingency to account for identified risks and uncertainties.

Escalation

Provision for future cost increases due to inflation and market conditions.

For major projects and those requiring Australian Government funding, the PCEM mandates probabilistic risk assessment using Monte Carlo simulation to generate P50 and P90 estimates.

ISO 31000 Aligned

The 7-Step Risk Management Process

PCEM requires a structured, documented approach to risk management. The first three steps establish the foundation for comprehensive risk identification and analysis.

1

Establish Risk Context

Define the project context, objectives, constraints, and risk tolerance. Identify key stakeholders and their risk appetite. Establish risk categories and evaluation criteria specific to the project.

Key Activities

  • Review project objectives, scope, and delivery strategy
  • Identify internal and external stakeholders
  • Determine risk tolerance and acceptance thresholds
  • Define risk categories relevant to the project type
  • Establish likelihood and consequence scales
2

Risk Identification

Systematically identify all potential risks that could impact project cost, schedule, or quality. Use multiple techniques including risk workshops, checklists, historical data review, and expert consultation.

Identification Techniques

  • Facilitated risk workshops with project team and stakeholders
  • PCEM risk category checklists (design, delivery, external factors)
  • Lessons learned from similar completed projects
  • Expert interviews with design, construction, and procurement specialists
  • SWOT analysis (Strengths, Weaknesses, Opportunities, Threats)
  • Review of project assumptions and constraints
3

Risk Analysis

Assess each identified risk for likelihood of occurrence and potential consequence to project cost. Develop probability distributions for probabilistic analysis or assign discrete ratings for deterministic assessment.

Analysis Methods

  • Qualitative assessment using likelihood and consequence matrices
  • Quantitative analysis with probability distributions (triangular, PERT, normal)
  • Cost impact estimation for each risk event
  • Identification of risk interdependencies and correlations
  • Assessment of risk timing (when risk could occur in project lifecycle)
Risk Process in Numbers

Quantifying Risk Systematically

7
Process Steps
8
Risk Categories
10K+
Monte Carlo Iterations
P50/P90
Confidence Outputs
Evaluate & Treat

Steps 4–7: From Assessment to Action

The remaining steps evaluate identified risks, determine treatment strategies, and quantify the residual financial exposure that forms the basis for contingency.

4

Risk Assessment

Evaluate and prioritize risks based on their analyzed likelihood and consequence. Determine which risks require active management and which can be accepted or monitored.

Key Activities

  • Plot risks on likelihood-consequence matrix
  • Classify risks as extreme, high, medium, or low
  • Prioritize risks for treatment based on severity
  • Identify risks exceeding tolerance thresholds
  • Flag risks requiring executive attention
5

Risk Evaluation

Determine the tolerability of each risk and establish priorities for risk treatment. Compare risk levels against acceptance criteria and stakeholder risk appetite.

Key Activities

  • Compare risk ratings against tolerance levels
  • Consider cost-benefit of treatments
  • Assess whether risks are within parameters
  • Determine urgency of response actions
  • Identify risks requiring monitoring vs treatment
6

Risk Treatment

Develop and implement strategies to address prioritized risks.

Avoid

Eliminate the risk by changing project scope or approach.

Transfer

Shift risk to another party such as a contractor or insurer.

Mitigate

Reduce likelihood or consequence through proactive actions.

Accept

Acknowledge the risk and provision contingency for potential impact.

Treatment Plans Must Include: Specific actions, responsible parties, timelines, cost of treatment, and expected residual risk after treatment.

7

Determine Financial Impact (Residual Risk)

Calculate the residual cost impact of risks after treatment strategies are applied.

Financial Quantification

  • Assess remaining likelihood after treatments
  • Quantify residual cost exposure
  • Input into @Risk for Monte Carlo simulation
  • Generate P50/P90 estimates
  • Document assumptions and sensitivity
  • Develop contingency drawdown plan

Documentation Requirements

All seven steps must be documented in a Risk Management Plan and Risk Register. For major projects, this documentation forms part of the business case and is subject to independent assurance review.

Comprehensive Coverage

Eight Categories of Project Risk

PCEM identifies eight primary risk categories that should be considered for all Queensland infrastructure projects.

Design Development Change

Risks arising from incomplete or evolving design, scope refinements, stakeholder requirement changes, or discovery of unforeseen conditions during design development.

Common Examples:

  • Design refinement revealing additional scope
  • Geotechnical conditions differing from desktop studies
  • Heritage or environmental discoveries
  • Stakeholder-driven design changes
  • Value engineering modifications

Standards and Policies Change

Risks from changes to technical standards, government policies, planning scheme amendments, or regulatory requirements during project development or delivery.

Common Examples:

  • New or revised technical standards (e.g., Austroads updates)
  • Environmental or planning regulation changes
  • Safety standard amendments
  • Accessibility requirement changes
  • Local government planning scheme updates

Third Party Influence

Risks from external stakeholder actions or requirements, including utility authorities, rail operators, councils, environmental agencies, and private property owners.

Common Examples:

  • Utility relocation requirements and timing
  • Rail authority interface and possession requirements
  • Council infrastructure standards and contributions
  • Environmental agency approval conditions
  • Community or stakeholder objections

Revised Functionality

Risks arising from changes to project objectives, service requirements, performance specifications, or operational needs as the project develops.

Common Examples:

  • Traffic growth forecasts exceeding initial projections
  • Changes to operational or maintenance requirements
  • Technology or ITS requirement changes
  • Asset lifecycle requirement amendments
  • Integration requirements with other projects

Principal's Costs

Risks related to costs borne directly by the principal (government agency), including project management, consultants, permits, approvals, and internal staff costs.

Common Examples:

  • Extended design consultant engagement
  • Additional environmental or planning studies
  • Project management office costs
  • Permit and approval fees
  • Independent reviews and assurance

Project Delay

Risks of schedule extension due to approvals, design, procurement, construction issues, or external factors. Delays often result in escalation costs and extended overheads.

Common Examples:

  • Approval process delays (environmental, planning, heritage)
  • Utility relocation schedule impacts
  • Contractor availability or procurement delays
  • Weather events or seasonal constraints
  • Material or equipment supply chain issues

Property Acquisition

Risks associated with land acquisition processes, including valuation uncertainties, negotiation outcomes, tribunal determinations, and relocation costs.

Common Examples:

  • Property valuations higher than estimates
  • Landowner negotiation extending timelines
  • Land Court or tribunal cost determinations
  • Easement and access costs
  • Business relocation and disturbance costs

Unmeasured / Unidentified Items

Risks from scope elements not yet identified or quantified in the estimate, often due to incomplete design, unforeseen site conditions, or inadequate investigations.

Common Examples:

  • Contaminated land or materials
  • Unexpected underground services or structures
  • Aboriginal or European heritage discoveries
  • Acid sulfate soils or reactive materials
  • Omissions or gaps in scope definition
Assessment Methods

Risk Evaluation Approaches

The PCEM recognizes two primary approaches to evaluating project risk and developing contingency allowances.

Deterministic Approach

Uses single-point estimates for risk likelihood and consequence through risk matrices or percentage-based contingency factors. Assigns discrete likelihood ratings (rare to almost certain) and consequence ratings (insignificant to severe), then plots risks on a likelihood-consequence matrix.

When Appropriate: Suitable for OnQ Type 3 (routine) projects, early strategic planning estimates, and projects under $10 million where probabilistic analysis is not cost-effective.

Typical Ranges: Planning 50-100% | Concept 25-40% | Development 10-20% | Implementation 5-10%

Probabilistic Approach (Monte Carlo)

Uses Monte Carlo simulation with @Risk software to model the full range of possible cost outcomes. Assigns probability distributions to uncertain items, inputs risk events with likelihood and cost impact, defines correlations, and runs 10,000+ iterations to generate P50 and P90 estimates.

When Required: Mandatory for OnQ Type 1 (Major Projects), OnQ Type 2 (Complex Projects), and all Australian Government funded projects over $25 million.

Outputs: P50 & P90 estimates, S-curve distributions, tornado diagrams, and sensitivity analysis.

P50 vs P90: Understanding Confidence Levels

P50 (50th Percentile): The estimate has a 50% probability of being exceeded and 50% probability of not being exceeded. This represents the "expected value" or most likely cost outcome. P50 is appropriate for internal planning and risk-sharing delivery models.

P90 (90th Percentile): The estimate has a 90% probability of not being exceeded (only 10% chance of cost overrun). This represents a high-confidence budget for funding approvals. P90 is typically required for business cases, government funding submissions, and fixed-price contracts.

PCEM Requirement: Major project business cases must present both P50 and P90 estimates, with clear explanation of the difference representing risk-based contingency.

Expected Contingency Ranges by Project Phase

While every project is unique, PCEM provides guidance on expected contingency ranges based on project maturity and information availability. These ranges apply to deterministic estimates; probabilistic estimates determine contingency through Monte Carlo simulation.

Project Phase Design Maturity Typical Contingency Range Key Uncertainties
Strategic Planning 0-10% ±50% to ±100% Concept only, no design, high scope uncertainty
Concept Phase 10-30% ±30% to ±50% Preliminary design, limited investigations, scope refinement likely
Development Phase 30-90% ±10% to ±20% Detailed design progressing, most risks identified, construction methodology defined
Implementation Phase 90-100% ±5% to ±10% Complete design, specifications finalized, limited scope uncertainty

Important Considerations

  • Project Complexity: Complex projects (OnQ Type 2) or novel delivery methods may require contingencies at the upper end of these ranges.
  • Risk Exposure: High-risk projects (e.g., brownfield urban locations, significant environmental constraints) may justify contingencies above standard ranges.
  • Market Conditions: Volatile markets or supply chain uncertainties may warrant additional risk allowances.
  • Probabilistic Results: For Monte Carlo estimates, the difference between P50 and P90 represents the calculated contingency based on actual project risks.
  • Documentation: Contingency assumptions and calculations must be clearly documented in the Basis of Estimate.
Accuracy Over Time

The Cone of Accuracy

Estimate accuracy improves as projects mature from strategic planning through to implementation. As design progresses and uncertainties are resolved, the range of possible cost outcomes narrows.

+100% +50% Base -50% Strategic 0-10% Design Concept 10-30% Design Development 30-90% Design Implementation 90-100% Design Base ±50-100% ±30-50% ±10-20% ±5-10% Estimate Accuracy Through Project Phases

Progressive Uncertainty Reduction

  • Strategic Planning: Wide uncertainty due to conceptual scope definition and minimal design
  • Concept Phase: Uncertainty reduces as preliminary design clarifies scope and major risks are identified
  • Development Phase: Detailed design resolves most uncertainties and quantifies risks more accurately
  • Implementation Phase: Final design and complete specifications minimize remaining uncertainties

This progressive refinement must be reflected in contingency allowances, with higher contingencies in early phases gradually reducing as the project matures and risks are retired.

Our Expertise

How Cenex Manages Project Risk

Sophisticated risk management techniques aligned with PCEM requirements, delivering robust and defensible contingency allowances.

Facilitated Risk Workshops

Structured risk identification workshops covering all eight PCEM risk categories, bringing together design, construction, procurement, and stakeholder expertise for comprehensive risk capture and aligned treatment strategies.

Monte Carlo Simulation

Licensed @Risk software with qualified analysts experienced in probabilistic cost estimating. We model correlations between dependent risks, run sensitivity analyses, and identify key cost drivers requiring management attention.

Risk Register Development

Comprehensive risk registers documenting assessment, treatment strategies, residual exposure, and responsibility assignments. Integrated with cost estimates for ongoing risk monitoring and contingency drawdown tracking.

P50 & P90 Estimate Generation

PCEM-compliant probabilistic estimates with full supporting documentation including S-curves, tornado diagrams, and sensitivity analysis for business case submissions and independent assurance reviews.

Why Choose Cenex

PCEM Risk Management Expertise

With CE1 pre-qualification and extensive experience in probabilistic cost estimating for Queensland major projects, Cenex delivers risk-adjusted cost estimates that meet all PCEM requirements while providing actionable insights for project risk management.

Licensed @Risk Software

Current licenses for Monte Carlo simulation and probabilistic analysis

Qualified Risk Analysts

Team members with specialized training in infrastructure risk assessment

OnQ Type 1 & 2 Track Record

Delivering P50/P90 estimates for major and complex projects

Independent Review Capability

Third-party risk assessment and estimate validation

Need PCEM-Compliant Cost Estimates?

Cenex delivers CE1 pre-qualified, PCEM-compliant cost estimates for Queensland infrastructure projects.

Contact Us Today